Discuss the types of security vulnerabilities in DNS and the measures
taken to prevent them. (5 Marks)

DNS is highly vulnerable to attacks and spoofing. An intruder can intercept
virtually all requests to translate names to IP addresses, and supply the
address of a subverted machine instead; this would allow the intruder to spy
on all traffic, and build a nice collection of passwords if desired.

IP spoofing attacks can be prevented to an extent. SSH provides an improved
type of authentication. The server has a list of host keys stored in
/etc/ssh_known_hosts, and additionally each user has host keys in
$HOME/.ssh/known_hosts. SSH uses the name servers to obtain the canonical
name of the client host, looks for its public key in its known host files,
and requires the client to prove that it knows the private host key. This
prevents IP and routing spoofing attacks.

rlogin and rsh
permit ordinary users to extend trust to remote host/user combinations. In
that case, individual users, rather than an entire system, may be targeted by
source routing attacks. The information required for this attack is the
target hostname, the trusted hostname and the user name, which are obtained
by the "finger" command. The attack is done as below:

In spoofing, a host or application mimics the actions of another. The
attacker pretends to be an innocent host by following IP addresses in network
packets. An attack on the rlogin service can use this method to mimic a TCP
connection from another host by guessing TCP sequence numbers.

These attacks can be prevented by:

· Preventing datagram routing with invalid source addresses.
· Introducing unpredictability into connection control mechanisms, such as
  TCP sequence numbers and the allocation of dynamic port addresses.
· Letting rsh/rlogin do a forward lookup along with the reverse lookup.

Allowing the forward lookup creates a problem called "poisoning the cache",
where the attacker sends an unsolicited record along with the PTR record
(PTR: a pointer to another part of the domain name space). This attack can
be defeated by rejecting the record that arrives along with the PTR record.
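
The forward-plus-reverse lookup check and the rule of rejecting records that arrive with the PTR record, as an added Python example that is not part of the original answer. The DNS responses, the host name trusted.example.com, the addresses and all function names are constructed for illustration; real code would query a resolver instead of using these dictionaries.

```python
import ipaddress

# Constructed data: the reverse zone for 203.0.113.7 is attacker-controlled.
# Its PTR answer names a trusted host and carries an unsolicited A record.
FORGED_PTR_RESPONSE = {
    "question": ("7.113.0.203.in-addr.arpa.", "PTR"),
    "answer": [("7.113.0.203.in-addr.arpa.", "PTR", "trusted.example.com.")],
    "additional": [("trusted.example.com.", "A", "203.0.113.7")],
}
# Constructed data: what the real forward zone says about the trusted host.
AUTHORITATIVE_A = {"trusted.example.com.": ["192.0.2.10"]}


def reverse_name(ip):
    """Build the in-addr.arpa / ip6.arpa name that a PTR query asks for."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def accept_records(response):
    """Keep only answers that match the question. Anything that merely
    arrived along with the PTR record is dropped and never cached."""
    qname, qtype = response["question"]
    return [r for r in response["answer"]
            if r[0].lower() == qname.lower() and r[1] == qtype]


def naive_hostname(ptr_response, cache):
    """Weak behaviour: believes the PTR and caches the extra records."""
    for name, rtype, value in ptr_response["additional"]:
        if rtype == "A":
            cache.setdefault(name, []).append(value)
    return ptr_response["answer"][0][2]


def verified_hostname(peer_ip, ptr_response, forward_lookup):
    """Return the peer's name only if the forward lookup of that name
    yields the peer's address again; otherwise return None."""
    if ptr_response["question"] != (reverse_name(peer_ip), "PTR"):
        return None
    peer = ipaddress.ip_address(peer_ip)
    for _, _, name in accept_records(ptr_response):
        # forward_lookup must be an independent query, not the data that
        # came in with the PTR response.
        if any(ipaddress.ip_address(a) == peer for a in forward_lookup(name)):
            return name
    return None
```

The forward lookup only helps when it is answered from data obtained independently of the PTR response; confirming against a cache that accepted the extra record returns the forged name.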